Web Application Scan

Scanning Preparation Setting

• Settings when the client device is a smartphone
• Settings for scanning a target using Websocket
• Settings for scanning websites using external authentication (SSO, etc.)
• Presetting for scanning a target using HTTPS communication
• Is it possible to run Vex through an internal proxy server?
• How to scan Web API applications

See all 8 articles

Create Scan Scenario / Test Sending

• Is there a way to check the domain whose communication has been blocked by Vex?
• Is there a way to modify the IP address of a previously obtained proxy log?
• How to reduce scanning time when a target includes a large number of paramerters
• How to hide requests with specific extensions or filenames
• How to download "Test results"
• How to change the character code when the request / response garbled

See all 9 articles

Signatures

• How to check the detail of signatures?
• How to obtain a signature list
• Features and differences of the signature groups
• Is there a function to create a new signature?
• What is the difference in the signatures shown in gray font and blue font on the Web "Plan" page?
• How to use the signature of "Response time measurement"

See all 9 articles

Scanning / Scan result

• SQL Injection has been detected on a request that did not access the database
• How to verify scan results
• Scanning logs with a gray backgroud on the scan result list
• Is there any way to check the request/response of Pre processor and Post processor acquired during a scan?
• What is "Additional parameters" ?
• When a session is expired or logout from Vex while scanning, Does Vex scanning continue?

See all 14 articles

Troubleshoot

• Checklist when Vex cannot acquire proxy logs
• Causes of "Scenario recreate error" and how to fix it
• How to deal with Abnormally terminated scanning plan
• A message saying "Connection to proxy server is rejected", "Proxy server is not responding" or other is displayed when accessing a scanning target website
• A security warning appears when accessing a target site
• When you can acquire proxy log, but cannot execute scanning

See all 7 articles

Methods to improve scanning speed

• Removing duplicate target requests
• Optimization by rearranging scenarios
• Multi-threaded scanning
• Usage of Session management basic setting
• Usage of Speed prioritized signature group
• How to select signatures

See all 7 articles